Filebeat is the easiest way to get logs from files in your system to Logz.io, and it’s the tool we recommend for most situations.

This page is a general reference for Filebeat. If you need instructions for a specific log source (such as nginx, MySQL, or Wazuh), see Log shipping sources.

Configure Filebeat on macOS or Linux

Before you begin, you’ll need: Filebeat 7 or Filebeat 6

Download the Logz.io public certificate to your Filebeat server

For HTTPS shipping, download the Logz.io public certificate to your certificate authority folder.

sudo curl https://raw.githubusercontent.com/logzio/public-certificates/master/AAACertificateServices.crt --create-dirs -o /etc/pki/tls/certs/COMODORSADomainValidationSecureServerCA.crt
Add your first log source to the configuration file

Log into your Logz.io account, and go to the Filebeat log shipping page to use the dedicated Logz.io Filebeat configuration wizard. It’s the simplest way to configure Filebeat for your use case.

For each of the log types you plan to send to Logz.io, fill in the following:

  • Select your operating system - Linux or Windows.
  • Specify the full Path to the logs.
  • Select a log Type from the list or select Other and give it a name of your choice to specify a custom log type.
    • If you select a log type from the list, the logs will be automatically parsed and analyzed. List of types available for parsing by default.
    • If you select Other, contact support to request custom parsing assistance. Don’t be shy, it’s included in your plan!
  • Select the log format - Plaintext or Json.
  • (Optional) Enable the Multiline option if your log messages span multiple lines. You’ll need to give a regex that identifies the beginning line of each log.
  • (Optional) Add a custom field. Click + Add a field to add additional fields.
Add additional sources (Optional)

The wizard makes it simple to add multiple log types to a single configuration file. Click + Add a log type to fill in the details for another log type. Repeat as necessary.

Validate the file

When you’re done adding your sources, click Make the config file to download it.

You can compare it to our sample configuration if you have questions.

If you’ve edited the file manually, it’s a good idea to run it through a YAML validator to rule out indentation errors, clean up extra characters, and check if your yml file is valid. (Yamllint.com is a great choice.)

Move the configuration file to the Filebeat folder

Move your configuration file to /etc/filebeat/filebeat.yml.

Start Filebeat

Start or restart Filebeat for the changes to take effect.

Check Logz.io for your logs

Give your logs some time to get from your system to ours, and then open Kibana.

If you still don’t see your logs, see log shipping troubleshooting.